- Security experts said packages with billions of weekly downloads were compromised, potentially exposing private keys and sensitive data.
- Although patches were released, experts warned developers to audit dependencies and users to remain cautious of potential vulnerabilities.
Ledger Chief Technology Officer Charles Guillemet on Monday urged crypto users to take immediate precautions following what appears to be a large-scale supply chain cyberattack targeting the JavaScript ecosystem.
In a post on X, Guillemet explained that the NPM account of a trusted developer was compromised, with malicious code embedded into widely used packages.
These packages have reportedly been downloaded over one billion times, raising concerns that countless applications, including those tied to cryptocurrency, could be vulnerable.
"There's a large-scale supply chain attack in progress," Guillemet said, adding that those using hardware wallets remain safe as long as they carefully verify transactions before signing.
He advised others to temporarily avoid onchain transactions until the situation is under control.
The malicious code works by silently altering crypto addresses, redirecting funds to attackers without the user's knowledge.
The incident has been described by some developers as potentially "the largest supply chain attack ever."
According to security researchers like @0x_ultra, high-volume libraries such as Chalk and their dependencies, which see billions of weekly downloads, were compromised.
He warned that these corrupted packages could expose private keys.
The package maintainer confirmed the breach, explaining that attackers used phishing emails from a fake npmjs.com domain to seize control of accounts.
While patched versions were released around 15:15 UTC, experts cautioned that frontend applications may still be at risk.
@0xCygaar noted that although NPM disabled the compromised versions, developers who recently ran updates should carefully check their dependencies.
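As an added defender-side example (not from the article, Ledger, or the npm project), here is a Python check for the dependency audit recommended above: it walks a package-lock.json, including transitive copies nested under other packages, and flags any exact version on a blocklist. Chalk is the only package the article names and it gives no version numbers, so the blocklisted version is a placeholder to be replaced with the advisory's list; the lockfile is constructed sample input.

```python
import json
from typing import Dict, List, Set, Tuple

# Constructed blocklist: the article names Chalk but no version numbers, so the
# version here is a PLACEHOLDER to be replaced with the ones in the npm advisory.
COMPROMISED: Dict[str, Set[str]] = {"chalk": {"0.0.0-placeholder-compromised"}}

def walk_lockfile(lock: dict) -> List[Tuple[str, str, str]]:
    """Return (name, version, path) for every package resolved in a package-lock.json.
    Covers lockfileVersion 2/3 ("packages": flat map keyed by node_modules path)
    and lockfileVersion 1 ("dependencies": nested tree). Walking nested entries
    matters: a clean top-level copy can hide a compromised transitive copy."""
    found: List[Tuple[str, str, str]] = []
    packages = lock.get("packages")
    if packages is not None:
        for path, meta in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            found.append((name, meta.get("version", ""), path))
        return found

    def recurse(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            found.append((name, meta.get("version", ""), path))
            recurse(meta.get("dependencies", {}), path + "/")

    recurse(lock.get("dependencies", {}), "")
    return found

def find_compromised(lock: dict, blocklist: Dict[str, Set[str]] = COMPROMISED):
    """Return the lockfile entries whose exact version is on the blocklist."""
    return [(n, v, p) for n, v, p in walk_lockfile(lock) if v in blocklist.get(n, set())]

# Constructed v3 lockfile: the top-level chalk is clean, a nested copy under a CLI tool is not.
SAMPLE_LOCK_V3 = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/chalk": {"version": "4.1.2"},
    "node_modules/some-cli": {"version": "2.0.0"},
    "node_modules/some-cli/node_modules/chalk": {"version": "0.0.0-placeholder-compromised"}
  }
}""")

if __name__ == "__main__":
    for name, version, path in find_compromised(SAMPLE_LOCK_V3):
        print(f"COMPROMISED {name}@{version} at {path}")
```

Run it against a real project by replacing SAMPLE_LOCK_V3 with `json.load(open("package-lock.json"))`; a clean top-level entry does not clear the project, which is why the nested walk is the point.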
Guillemet stressed once again that hardware wallets with clear-signing features remain secure, while users relying solely on software wallets are most exposed.
The attack resembles past incidents where address-swapping malware redirected funds, echoing techniques linked to North Korean hackers in previous exchange breaches.
© 2025 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.